Overview

The following definition for social engineering comes from the U.S. Department of Homeland Security:

In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Social engineering is a broad field that includes not just phishing and spamming, but also actual face-to-face interactions between hackers and their unsuspecting victims.

This page explains some of the simple things you can do to protect yourself from these types of attacks.  

Tips

Limit what information you share and post on your social media profiles.

In the past, users have had to answer security questions when they reset their passwords. While this is no longer the case for MyUWF accounts, other places still use security questions. The answers to many of these questions can be found on your social media profiles, depending on how much information you divulge.

Also, hackers may use your social media profiles to attempt to impersonate you over the phone or in an email to gain access to areas they shouldn't be in. So don't post when you'll be out of town or hospitalized, because that would be a perfect time for hackers to attempt to impersonate you.

Slow down.

Hackers expect to rush their targets.  When we're in a hurry, we're far less likely to do our due diligence before disclosing information.  In many instances, we can spare a minute or two to evaluate the situation.

Verify who people are before you share information.

When you get a call or email and someone asks you for information, feel free to 1) politely end the call, 2) discuss the call or email with your co-workers and supervisors, and 3) find an alternative phone number to call the person back. You should be able to find alternative or main department phone numbers on the Internet, so long as you use best practices when reviewing Google results.

Do not open doors to others when those doors are typically locked.

Some hackers try to gain access to a locked building by waiting for someone else to enter the building and then following behind them.

Anyone who is entering a locked building or room needs to provide the necessary key, key fob, or ID card.

See General tips for office security for additional details.

Be aware of anyone going through trash and other items they shouldn't be.

Our trash and other belongings may contain key details about ourselves or others.  Hackers can use the data found in these places to engage in social engineering attacks.

Do not plug unknown USB devices into your machine.


Do not click on unknown links or email attachments.




ITS Help Desk

(850) 474-2075
helpdesk@uwf.edu
